Merge remote-tracking branch 'origin' into publish-npm

.dockerignore

@@ -1,3 +1,5 @@
 grafana
 grafana-*
 dist
+.git
+.github

.github/workflows/codeowners-validator.yml

@@ -0,0 +1,38 @@
+name: "Codeowners Validator"
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  codeowners-validator:
+    runs-on: ubuntu-latest
+    steps:
+      # Checks-out your repository, which is validated in the next step
+      - uses: actions/checkout@v2
+      - name: GitHub CODEOWNERS Validator
+        uses: mszostok/[email protected]
+        # input parameters
+        with:
+          # ==== GitHub Auth ====
+
+          # "The list of checks that will be executed. By default, all checks are executed. Possible values: files,owners,duppatterns,syntax"
+          checks: "files,duppatterns,syntax"
+
+          # "The comma-separated list of experimental checks that should be executed. By default, all experimental checks are turned off. Possible values: notowned,avoid-shadowing"
+          experimental_checks: "notowned,avoid-shadowing"
+
+          # The repository path in which CODEOWNERS file should be validated."
+          repository_path: "."
+
+          # Defines the level on which the application should treat check issues as failures. Defaults to warning, which treats both errors and warnings as failures, and exits with error code 3. Possible values are error and warning. Default: warning"
+          check_failure_level: "error"
+
+          # The comma-separated list of patterns that should be ignored by not-owned-checker. For example, you can specify * and as a result, the * pattern from the CODEOWNERS file will be ignored and files owned by this pattern will be reported as unowned unless a later specific pattern will match that path. It's useful because often we have default owners entry at the begging of the CODOEWNERS file, e.g. * @global-owner1 @global-owner2"
+          not_owned_checker_skip_patterns: ""
+
+          # Specifies whether CODEOWNERS may have unowned files. For example, `/infra/oncall-rotator/oncall-config.yml` doesn't have owner and this is not reported.
+          owner_checker_allow_unowned_patterns: "false"
+
+          # Specifies whether only teams are allowed as owners of files.
+          owner_checker_owners_must_be_teams: "false"          

.golangci.toml

@@ -89,6 +89,15 @@ text = "ST1001"
 linters = ["staticcheck"]
 text = "SA1019: strings.Title"
 
+# ExitCode is deprecated with 0.7.x
+[[issues.exclude-rules]]
+linters = ["staticcheck"]
+text = "SA1019: container"
+[[issues.exclude-rules]]
+linters = ["staticcheck"]
+path = "ci/"
+text = "SA1019"
+
 [[issues.exclude-rules]]
 linters = ["staticcheck"]
 text = "use fake service and real access control evaluator instead"

Dockerfile

@@ -1,15 +1,15 @@
 FROM golang:1.20-alpine
 
-ARG DAGGER_VERSION=v0.6.3
+ARG DAGGER_VERSION=v0.6.4
 
 WORKDIR /src
+RUN apk add --no-cache git docker wget bash
+
+# Install dagger
+RUN wget "https://github.com/dagger/dagger/releases/download/${DAGGER_VERSION}/dagger_${DAGGER_VERSION}_linux_amd64.tar.gz" && \
+    tar -xvf ./dagger_${DAGGER_VERSION}_linux_amd64.tar.gz && mv dagger /bin && rm dagger_${DAGGER_VERSION}_linux_amd64.tar.gz
 
 ADD . .
-RUN apk add --update git docker wget bash
 RUN go build -o /src/grafana-build ./cmd
 
-# Install dagger
-RUN wget "https://github.com/dagger/dagger/releases/download/${DAGGER_VERSION}/dagger_${DAGGER_VERSION}_linux_amd64.tar.gz"
-RUN tar -xvf ./dagger_${DAGGER_VERSION}_linux_amd64.tar.gz && mv dagger /bin && rm dagger_${DAGGER_VERSION}_linux_amd64.tar.gz
-
 ENTRYPOINT ["dagger", "run", "/src/grafana-build"]

ci/lint.go

@@ -9,7 +9,7 @@ import (
 
 func lintProject(ctx context.Context, dc *dagger.Client) error {
 	workDir := dc.Host().Directory(".")
-	container := dc.Container(containerOpts).
+	container := dc.Container().
 		From("golangci/golangci-lint:v1.52.2").
 		WithWorkdir("/src").
 		WithMountedDirectory("/src", workDir).

cmd/flags.go

@@ -6,6 +6,8 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
+const defaultGoVersion = "1.21.0"
+
 var FlagPackage = &cli.StringSliceFlag{
 	Name:  "package",
 	Usage: "Path to a grafana.tar.gz package used as input. This command will process each package provided separately and produce an equal number of applicable outputs",
@@ -129,6 +131,12 @@ var GrafanaFlags = []cli.Flag{
 		Name:  "go-tags",
 		Usage: "Sets the go `-tags` flag when compiling the backend",
 	},
+	&cli.StringFlag{
+		Name:     "go-version",
+		Usage:    "The version of Go to be used for building the Grafana backend",
+		Required: false,
+		Value:    defaultGoVersion,
+	},
 	&cli.StringFlag{
 		Name:  "yarn-cache",
 		Usage: "If there is a yarn cache directory, then mount that when running 'yarn install' instead of creating a cache directory",
@@ -194,7 +202,7 @@ var GPGFlags = []cli.Flag{
 		Usage: "Provides a private key encoded in base64 for GPG signing",
 	},
 	&cli.StringFlag{
-		Name:  "gpg-passphrase-base64",
+		Name:  "gpg-passphrase",
 		Usage: "Provides a private key passphrase encoded in base64 for GPG signing",
 	},
 	&cli.BoolFlag{

containers/base_golang.go

@@ -1,11 +1,14 @@
 package containers
 
 import (
+	"log"
+
 	"dagger.io/dagger"
 )
 
 // GolangContainer returns a dagger container with everything set up that is needed to build Grafana's Go backend or run the Golang tests.
 func GolangContainer(d *dagger.Client, platform dagger.Platform, base string) *dagger.Container {
+	log.Printf("Retrieving Go container based on `%s`", base)
 	opts := dagger.ContainerOpts{
 		Platform: platform,
 	}

containers/base_rpm.go

@@ -1,6 +1,12 @@
 package containers
 
-import "dagger.io/dagger"
+import (
+	"encoding/base64"
+	"log"
+	"time"
+
+	"dagger.io/dagger"
+)
 
 const RPMMacros = `
 %_signature gpg
@@ -21,20 +27,34 @@ func RPMContainer(d *dagger.Client, opts *GPGOpts) *dagger.Container {
 	if !opts.Sign {
 		return container
 	}
-	gpgPublicKeyBase64Secret := d.SetSecret("gpg-public-key-base64", opts.GPGPublicKeyBase64)
-	gpgPrivateKeyBase64Secret := d.SetSecret("gpg-private-key-base64", opts.GPGPrivateKeyBase64)
-	gpgPassphraseBase64Secret := d.SetSecret("gpg-passphrase-base64", opts.GPGPassphraseBase64)
+	var gpgPublicKeySecret, gpgPrivateKeySecret, gpgPassphraseSecret *dagger.Secret
+
+	if sec, err := base64.StdEncoding.DecodeString(opts.GPGPublicKeyBase64); err == nil {
+		gpgPublicKeySecret = d.SetSecret("gpg-public-key", string(sec))
+	} else {
+		log.Printf("gpg-public-key-base64 cannot be decoded %s", err.Error())
+	}
+
+	if sec, err := base64.StdEncoding.DecodeString(opts.GPGPrivateKeyBase64); err == nil {
+		gpgPrivateKeySecret = d.SetSecret("gpg-private-key", string(sec))
+	} else {
+		log.Printf("gpg-private-key-base64 cannot be decoded %s", err.Error())
+	}
+
+	gpgPassphraseSecret = d.SetSecret("gpg-passphrase", opts.GPGPassphrase)
+
 	return container.
-		WithSecretVariable("GPG_PUBLIC_KEY_BASE64", gpgPublicKeyBase64Secret).
-		WithSecretVariable("GPG_PRIVATE_KEY_BASE64", gpgPrivateKeyBase64Secret).
-		WithSecretVariable("GPG_PASSPHRASE_BASE64", gpgPassphraseBase64Secret).
 		WithExec([]string{"apt-get", "install", "-yq", "gnupg2"}).
 		WithExec([]string{"mkdir", "-p", "/root/.rpmdb/privkeys"}).
 		WithExec([]string{"mkdir", "-p", "/root/.rpmdb/passkeys"}).
 		WithExec([]string{"mkdir", "-p", "/root/.rpmdb/pubkeys"}).
-		WithExec([]string{"/bin/sh", "-c", "echo \"$GPG_PRIVATE_KEY_BASE64\" | base64 -d > /root/.rpmdb/privkeys/grafana.key"}).
-		WithExec([]string{"/bin/sh", "-c", "echo \"$GPG_PASSPHRASE_BASE64\" | base64 -d > /root/.rpmdb/passkeys/grafana.key"}).
-		WithExec([]string{"/bin/sh", "-c", "echo \"$GPG_PUBLIC_KEY_BASE64\" | base64 -d > /root/.rpmdb/pubkeys/grafana.key"}).
+		WithEnvVariable("now", time.Now().String()).
+		WithSecretVariable("GPG_PUBLIC_KEY", gpgPublicKeySecret).
+		WithSecretVariable("GPG_PRIVATE_KEY", gpgPrivateKeySecret).
+		WithSecretVariable("GPG_PASSPHRASE", gpgPassphraseSecret).
+		WithExec([]string{"/bin/sh", "-c", "echo \"$GPG_PRIVATE_KEY\" > /root/.rpmdb/privkeys/grafana.key"}).
+		WithExec([]string{"/bin/sh", "-c", "echo \"$GPG_PASSPHRASE\" > /root/.rpmdb/passkeys/grafana.key"}).
+		WithExec([]string{"/bin/sh", "-c", "echo \"$GPG_PUBLIC_KEY\" > /root/.rpmdb/pubkeys/grafana.key"}).
 		WithNewFile("/root/.rpmmacros", dagger.ContainerWithNewFileOpts{
 			Permissions: 0400,
 			Contents:    RPMMacros,

containers/base_viceroy.go

@@ -9,13 +9,13 @@ import (
 )
 
 const (
-	GoURL        = "https://go.dev/dl/go1.20.2.linux-%s.tar.gz"
+	GoURL        = "https://go.dev/dl/go%s.linux-%s.tar.gz"
 	ViceroyImage = "rfratto/viceroy:v0.3.0"
 )
 
 // ViceroyContainer returns a dagger container with everything set up that is needed to build Grafana's Go backend
 // with CGO using Viceroy, which makes setting up the C compiler toolchain easier.
-func ViceroyContainer(d *dagger.Client, distro executil.Distribution, base string) *dagger.Container {
+func ViceroyContainer(d *dagger.Client, distro executil.Distribution, base string, goVersion string) *dagger.Container {
 	opts := dagger.ContainerOpts{
 		Platform: "linux/amd64",
 	}
@@ -25,7 +25,7 @@ func ViceroyContainer(d *dagger.Client, distro executil.Distribution, base strin
 	// * amd64
 	// * armv6l
 	// * arm64
-	goURL := fmt.Sprintf(GoURL, "amd64")
+	goURL := fmt.Sprintf(GoURL, goVersion, "amd64")
 	container := d.Container(opts).From(base)
 
 	// Install Go manually, and install make, git, and curl from the package manager.

containers/build_backend.go

@@ -10,9 +10,9 @@ import (
 	"github.com/grafana/grafana-build/versions"
 )
 
-const (
-	GoImageAlpine = "golang:1.20.7-alpine"
-)
+func GetGoImageAlpine(version string) string {
+	return fmt.Sprintf("golang:%s-alpine", version)
+}
 
 var GrafanaCommands = []string{
 	"grafana",
@@ -38,18 +38,20 @@ type CompileBackendOpts struct {
 	BuildInfo    *BuildInfo
 	Env          map[string]string
 	GoTags       []string
+	GoVersion    string
 
 	CombinedExecutables bool
 }
 
-func goBuildImage(distro executil.Distribution, opts *executil.GoBuildOpts) string {
-	os, _ := executil.OSAndArch(distro)
+func goBuildImage(distro executil.Distribution, opts *executil.GoBuildOpts, goVersion string) string {
+	os, arch := executil.OSAndArch(distro)
 
-	if os != "linux" {
+	// For arm/v7 and arm/v6 we want to use viceroy
+	if os != "linux" || arch == "arm" {
 		return ViceroyImage
 	}
 
-	return GoImageAlpine
+	return GetGoImageAlpine(goVersion)
 }
 
 // This function will return the platform equivalent to the distribution.
@@ -92,15 +94,15 @@ func CompileBackendBuilder(d *dagger.Client, opts *CompileBackendOpts) *dagger.C
 	var (
 		goBuildOpts = goBuildOptsFunc(distro, buildinfo)
 		env         = executil.GoBuildEnv(goBuildOpts)
-		image       = goBuildImage(distro, goBuildOpts)
+		image       = goBuildImage(distro, goBuildOpts, opts.GoVersion)
 	)
 
-	log.Println("Creating Grafana backend build container for", distro, "on platform", platform)
+	log.Println("Creating Grafana backend build container for", distro, "on platform", platform, "using", opts.GoVersion)
 
 	builder := GolangContainer(d, platform, image)
 
 	if image == ViceroyImage {
-		builder = ViceroyContainer(d, distro, ViceroyImage)
+		builder = ViceroyContainer(d, distro, ViceroyImage, opts.GoVersion)
 	}
 
 	genGoArgs := []string{"make", "gen-go"}

containers/build_backend_platforms.go

@@ -56,8 +56,8 @@ func BuildOptsDynamicARM(distro executil.Distribution, buildinfo *BuildInfo) *ex
 	)
 
 	return &executil.GoBuildOpts{
-		CC:                ZigCC(distro),
-		CXX:               ZigCXX(distro),
+		// CC:                ZigCC(distro),
+		// CXX:               ZigCXX(distro),
 		ExperimentalFlags: []string{},
 		OS:                os,
 		Arch:              "arm",

containers/buildinfo.go

@@ -18,7 +18,7 @@ type BuildInfo struct {
 
 func (b *BuildInfo) LDFlags() []string {
 	return []string{
-		fmt.Sprintf("main.version=%s", b.Version),
+		fmt.Sprintf("main.version=%s", strings.TrimPrefix(b.Version, "v")),
 		fmt.Sprintf("main.commit=%s", b.Commit),
 		fmt.Sprintf("main.buildstamp=%d", b.Timestamp.Unix()),
 		fmt.Sprintf("main.buildBranch=%s", b.Branch),

containers/dependencies_golang.go

@@ -8,8 +8,8 @@ func WithCachedGoDependencies(container *dagger.Container, dir *dagger.Directory
 	})
 }
 
-func DownloadGolangDependencies(d *dagger.Client, platform dagger.Platform, gomod, gosum *dagger.File) *dagger.Directory {
-	container := GolangContainer(d, platform, GoImageAlpine).
+func DownloadGolangDependencies(d *dagger.Client, platform dagger.Platform, gomod, gosum *dagger.File, goVersion string) *dagger.Directory {
+	container := GolangContainer(d, platform, GetGoImageAlpine(goVersion)).
 		WithWorkdir("/src").
 		WithMountedFile("/src/go.mod", gomod).
 		WithMountedFile("/src/go.sum", gosum).

containers/google_cloud.go

@@ -1,6 +1,7 @@
 package containers
 
 import (
+	"fmt"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -23,13 +24,20 @@ type GCPServiceAccount struct {
 }
 
 func (a *GCPServiceAccount) Authenticate(d *dagger.Client, c *dagger.Container) (*dagger.Container, error) {
-	container := c.WithMountedFile(
-		"/opt/service_account.json",
-		d.Host().Directory(filepath.Dir(a.JSONFile)).File(filepath.Base(a.JSONFile)),
-	)
+	if a.DaggerFile == nil && a.JSONFile == "" {
+		return nil, fmt.Errorf("GCPServiceAccount authentication missed JSONFile AND DaggerFile")
+	}
+	var container *dagger.Container
+
+	if a.JSONFile != "" {
+		container = c.WithMountedFile(
+			"/opt/service_account.json",
+			d.Host().Directory(filepath.Dir(a.JSONFile)).File(filepath.Base(a.JSONFile)),
+		)
+	}
 
 	if a.DaggerFile != nil {
-		container = container.WithMountedFile("/opt/service_account.json", a.DaggerFile)
+		container = c.WithMountedFile("/opt/service_account.json", a.DaggerFile)
 	}
 
 	return container.WithExec([]string{"gcloud", "auth", "activate-service-account", "--key-file", "/opt/service_account.json"}), nil

containers/opts_gpg.go

@@ -1,21 +1,23 @@
 package containers
 
 import (
+	"strings"
+
 	"github.com/grafana/grafana-build/cliutil"
 )
 
 type GPGOpts struct {
 	Sign                bool
 	GPGPrivateKeyBase64 string
 	GPGPublicKeyBase64  string
-	GPGPassphraseBase64 string
+	GPGPassphrase       string
 }
 
 func GPGOptsFromFlags(c cliutil.CLIContext) *GPGOpts {
 	return &GPGOpts{
 		Sign:                c.Bool("sign"),
-		GPGPrivateKeyBase64: c.String("gpg-private-key-base64"),
-		GPGPublicKeyBase64:  c.String("gpg-public-key-base64"),
-		GPGPassphraseBase64: c.String("gpg-passphrase-base64"),
+		GPGPrivateKeyBase64: strings.ReplaceAll(c.String("gpg-private-key-base64"), "\n", ""),
+		GPGPublicKeyBase64:  strings.ReplaceAll(c.String("gpg-public-key-base64"), "\n", ""),
+		GPGPassphrase:       c.String("gpg-passphrase"),
 	}
 }

containers/opts_grafana.go

@@ -31,6 +31,7 @@ type GrafanaOpts struct {
 	GitHubToken   string
 	Env           map[string]string
 	GoTags        []string
+	GoVersion     string
 
 	// Version will be set by the '--version' flag if provided, and returned in the 'Version' function.
 	// If not set, then the version function will attempt to retrieve the version from Grafana's package.json or some other method.
@@ -52,6 +53,7 @@ func GrafanaOptsFromFlags(ctx context.Context, c cliutil.CLIContext) (*GrafanaOp
 		buildID        = c.String("build-id")
 		gitHubToken    = c.String("github-token")
 		goTags         = c.StringSlice("go-tags")
+		goVersion      = c.String("go-version")
 	)
 
 	if buildID == "" {
@@ -98,6 +100,7 @@ func GrafanaOptsFromFlags(ctx context.Context, c cliutil.CLIContext) (*GrafanaOp
 		GitHubToken:      gitHubToken,
 		Env:              env,
 		GoTags:           goTags,
+		GoVersion:        goVersion,
 		YarnCacheHostDir: c.String("yarn-cache"),
 	}, nil
 }